Lucene search
HistoryNov 01, 2005 - 9:02 p.m.
CVE-2005-3417
cve-2005-3417
phpbb
security bypass
remote attack
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.9%
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
Affected configurations
Node
phpbb_groupphpbbMatch2.0.0
ORphpbb_groupphpbbMatch2.0.1
ORphpbb_groupphpbbMatch2.0.2
ORphpbb_groupphpbbMatch2.0.3
ORphpbb_groupphpbbMatch2.0.4
ORphpbb_groupphpbbMatch2.0.5
ORphpbb_groupphpbbMatch2.0.6
ORphpbb_groupphpbbMatch2.0.6c
ORphpbb_groupphpbbMatch2.0.6d
ORphpbb_groupphpbbMatch2.0.7
ORphpbb_groupphpbbMatch2.0.7a
ORphpbb_groupphpbbMatch2.0.8
ORphpbb_groupphpbbMatch2.0.8a
ORphpbb_groupphpbbMatch2.0.9
ORphpbb_groupphpbbMatch2.0.10
ORphpbb_groupphpbbMatch2.0.11
ORphpbb_groupphpbbMatch2.0.12
ORphpbb_groupphpbbMatch2.0.13
ORphpbb_groupphpbbMatch2.0.14
ORphpbb_groupphpbbMatch2.0.15
ORphpbb_groupphpbbMatch2.0.16
ORphpbb_groupphpbbMatch2.0.17
ORphpbb_groupphpbbMatch2.0_beta1
ORphpbb_groupphpbbMatch2.0_rc1
ORphpbb_groupphpbbMatch2.0_rc2
ORphpbb_groupphpbbMatch2.0_rc3
ORphpbb_groupphpbbMatch2.0_rc4
References
Related
nvd
nvd
CVE-2005-3417
2005-11-01 21:02:00
ubuntucve
ubuntucve
CVE-2005-3417
2005-11-01 00:00:00
cvelist
cvelist
CVE-2005-3417
2005-11-01 21:00:00
nessus
nessus
phpBB <= 2.0.17 Multiple Vulnerabilities
2005-11-02 00:00:00
FreeBSD : phpbb -- multiple vulnerabilities (28c9243a-72ed-11da-8c1d-000e0c2e438a)
2006-05-13 00:00:00
Debian DSA-925-1 : phpbb2 - several vulnerabilities
2006-10-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 925-1 (phpbb2)
2008-01-17 00:00:00
FreeBSD Ports: phpbb, zh-phpbb-tw
2008-09-04 00:00:00
Debian: Security Advisory (DSA-925-1)
2008-01-17 00:00:00
osv
osv
phpbb2 - several
2005-12-22 00:00:00
freebsd
freebsd
phpbb -- multiple vulnerabilities
2005-10-24 00:00:00
debian
debian
[SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities
2005-12-22 08:19:09
[SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities
2005-12-22 08:19:09
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.9%
Related for CVE-2005-3417